ABSTRACT : 

A computer network encryption/decryption device includes at least one 
microprocessor, microprocessor support hardware, at least two network 
ports for connecting to upstream and downstream networks, memory hardware 
for storing program, configuration, and keylist data, and data 
encryption/decryption hardware. Both network ports have the same network 
address, making the device transparent to the local area network in which 
it is spliced. The device operates by selectively encrypting or 
decrypting only the data portion of a data packet, leaving the routing 
information contained in the header and trailer portions of the data 
packet unchanged. 

6 Claims, 10 Drawing Figures 
CLAIMS : 
CLMS ( 1 ) 
What is claimed is: 

1. A method for encrypting a first packet transmitted from a first 
computer network to a second computer network, wherein said first packet 
includes a header field containing information about the first packet and 
a data field containing data, said method comprising the steps of: 

receiving said first packet from said first network; 

extracting said information about the first packet from said header 
field of said first packet; 

comparing said information about the first packet with matching criteria 
including a list of source addresses, a list of destination addresses, 
and key information, to determine if said first packet is to be 
encrypted; and 

encrypting said first packet if said first packet is to be encrypted. 

CLMS ( 2 ) 

2. The method of claim 1 further including the step of: 

transmitting a second packet to said second network if said first packet 
has been encrypted, said second packet comprising a second header field 
containing information about the second packet, and a second data field 
containing said encrypted first packet. 

CLMS ( 3 ) 

3. The method of claim 1 further including the step of: 

transmitting said first packet to said second network if said first 
packet has not been encrypted. 

CLMS ( 4 ) 

4. A method for decrypting the data field of a second packet transmitted 
from a second computer network to a first computer network, wherein said 
second packet includes a header field containing information about the 
second packet and a data field containing data, said method comprising 
the steps of: 

receiving said second packet from said second network; 

extracting said information about the second packet from said header 
field of said second packet; 

comparing said information about the second packet with matching 
criteria including a list of source addresses, destination addresses 
and key information, to determine if said data field of said second 
packet is to be decrypted; and 

decrypting said data field of said second packet if said second packet 
is to be decrypted. 

CLMS ( 5 ) 

5. The method of claim 4 further including the step of: 

transmitting a first packet to said first network if said data field of 
said second packet has been decrypted, said first packet comprising 
said decrypted data field of said second packet. 

CLMS ( 6 ) 

6. The method of claim 4 further including the step of: 

transmitting said second packet to said first network if said data field 
of said second packet has not been decrypted. 
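
ADDED EXAMPLE (not part of the patent text): a sketch of the match-then-transform decision in claims 1, 3, 4 and 6, using the in-place form described in the abstract (header left unchanged) rather than the encapsulation of claim 2. The 10-byte header layout, the keylist contents, the function names and the SHA-256 keystream standing in for the encryption hardware are all assumptions made for illustration.

```python
import hashlib
import ipaddress
import struct

HEADER = struct.Struct("!4s4sH")  # hypothetical header: source, destination, data length

# Constructed matching criteria: source list, destination list, key information.
KEYLIST = [
    (ipaddress.ip_network("10.1.0.0/16"), ipaddress.ip_network("10.2.0.0/16"),
     b"constructed-demo-key"),
]

def build_packet(src, dst, data):
    """Build a constructed sample packet from dotted-quad addresses."""
    return HEADER.pack(ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed, len(data)) + data

def lookup_key(src, dst):
    """Compare header addresses with the keylist; None means no entry matched."""
    for src_net, dst_net, key in KEYLIST:
        if src in src_net and dst in dst_net:
            return key
    return None

def keystream_xor(key, header, data):
    """Stand-in for the encryption hardware (the page names no cipher).
    XOR is symmetric, so one call both encrypts and decrypts. The keystream
    repeats for equal headers, so this is not a usable cipher design."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + header + struct.pack("!I", offset)).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def process(packet):
    """Return (packet_out, transformed); the header bytes are never modified."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than header")
    header, data = packet[:HEADER.size], packet[HEADER.size:]
    src_raw, dst_raw, length = HEADER.unpack(header)
    if length != len(data):
        raise ValueError("length field does not match data field")
    key = lookup_key(ipaddress.ip_address(src_raw), ipaddress.ip_address(dst_raw))
    if key is None:
        return packet, False  # no match: forward unchanged (claims 3 and 6)
    return header + keystream_xor(key, header, data), True
```

Because the header passes through untouched, the device on the far side sees the same addresses, finds the same keylist entry, and calling process() on the encrypted packet restores the original data field.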



